CVE-2023-2993 MEDIUM

CVE-2023-2993

Vendor Lenovo
Product System Management Module (SMM)
Weakness CWE-281
Published June 26, 2023
Last update November 6, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

Key dates

02Disclosure timeline

June 26, 2023 CVE published
November 6, 2024 Record updated